I see. Well, I think we can include this as it just adds support for
another policy type. Another JIRA, please ? :)
On Wed, Jul 18, 2018 at 10:05 AM, stefan.wachter <
stefan.wachter(a)bosch-si.com> wrote:
Ok. I understand. However, I would like to set the policy that allows
a
certain user to access a resource upfront. For example when a resource
owner decides to share a resource with someone by sending an email she
wants to set the necessary policy at the same time (and not later on in a
separate approval step). This is what the User Management UI already
offers. But I would like to implement that functionality by API calls.
Best regards,
*Stefan Wachter INST-ICM/BSV-BS*
Tel. +49(711)811-58477
*Be*
*QIK *
Am 18.07.2018 um 14:20 schrieb Pedro Igor Silva:
On Wed, Jul 18, 2018 at 5:43 AM, stefan.wachter <
stefan.wachter(a)bosch-si.com> wrote:
> Hi,
>
> how can one set a user policy, (i.e. a set of users) to a user managed
> resource? Looking at the class
> org.keycloak.representations.idm.authorization.UmaPermissionRepresentation
>
> I do not see a field that could be used for specifiying a set of user ids.
>
For users, the idea is that you would probably want to follow UMA flow.
The idea behind this endpoint is allow resource servers to define
additional permissions (in addition to users as provided by UMA flow) and
still allow users to revoke them.
>
>
> public class UmaPermissionRepresentationextends
> AbstractPolicyRepresentation {
>
> private Stringid;
> private Stringdescription;
> private Set<String>roles;
> private Set<String>groups;
> private Set<String>clients;
> private Stringcondition;
> ...
> }
>
> public class AbstractPolicyRepresentation {
>
> private Stringid;
> private Stringname;
> private Stringdescription;
> private Stringtype;
> private Set<String>policies;
> private Set<String>resources;
> private Set<String>scopes;
> private Logiclogic = Logic.POSITIVE;
> private DecisionStrategydecisionStrategy =
> DecisionStrategy.UNANIMOUS;
> private Stringowner;
> ...
>
> }
>
> BTW: Why does the derived UmaPermissionRepresentation class have an id
> and description field of its own? I think these fields are inherited
> from its base class AbstractPolicyRepresentation.
>
Good point. Need to refactor this.
>
> --
>
> Best regards,
>
> *Stefan Wachter
> INST-ICM/BSV-BS*
>
> Tel. +49(711)811-58477
>
> *Be**QIK
> *
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user